No Route to Host even though BGP route exists.
-
Hi All,
First post so please be kind.
pfsense CE 2.5.0.
I have an issue where I am getting no route to host from the LAN net even though there is a route available via BGP from my peer.
Am I missing something here?
config:
AWS Transit Gateway connected to Pfsense IPsec w/ BGP.
Peer IPs are in 169.254.0.0/16
Local Peer IP is VIP on WAN if.
Allow APIPA traffic Enabled.
Allow bogons.
Allow RFC1918.
Peers are UP and routes exchanged (Can see them propagated AWS side as well).
LAN Range: 192.168.60.0/24
AWS VPC Range: 10.0.0.0/16
no-nat for src lan-net to dst aws-vpc.
frr config:
!
frr defaults traditional
hostname *********
password *********
log syslog
service integrated-vtysh-config
!
router bgp 65000
bgp network import-check
no bgp ebgp-requires-policy
neighbor 169.254.87.45 remote-as 64512
neighbor 169.254.87.45 update-source 169.254.87.46
neighbor 169.254.113.73 remote-as 64512
neighbor 169.254.113.73 update-source 169.254.113.74
!
address-family ipv4 unicast
network 192.168.60.0/24
neighbor 169.254.87.45 activate
neighbor 169.254.113.73 activate
no neighbor 169.254.87.45 send-community
no neighbor 169.254.113.73 send-community
exit-address-family
!
!
line vty
!
end

bgp routes:
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/16      169.254.87.45          100             0 64512 i
*=                  169.254.113.73         100             0 64512 i
*> 192.168.60.0/24  0.0.0.0                  0         32768 i

bgp summary:
Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
169.254.87.45   4      64512       442       439        0    0    0 01:12:56            2        3
169.254.113.73  4      64512       442       439        0    0    0 01:12:56            2        3

Ping:
root: ping -S 169.254.87.46 169.254.87.45
PING 169.254.87.45 (169.254.87.45) from 169.254.87.46: 56 data bytes
64 bytes from 169.254.87.45: icmp_seq=0 ttl=254 time=19.119 ms
64 bytes from 169.254.87.45: icmp_seq=1 ttl=254 time=30.823 ms

root: ping -S 192.168.60.1 10.0.4.169
PING 10.0.4.169 (10.0.4.169) from 192.168.60.1: 56 data bytes
ping: sendto: No route to host

route show:
/root: route show 10.0.4.169
route to: 10.0.4.169
destination: 10.0.0.0
mask: 255.255.0.0
gateway: 169.254.87.45
fib: 0
interface: re1
flags: <UP,GATEWAY,DONE,PROTO1>
 recvpipe  sendpipe  ssthresh  rtt,msec     mtu    weight    expire
        0         0         0         0    1500         1         0

If I have NAT on I just get blackhole as I presume it's trying to send the traffic over the default gateway, so assuming no-nat is correct.
I have ruled out AWS security group and acl issues using a static ipsec tunnel.
How can I not have a route when there is clearly one in the route table?
Am I missing something obvious?
Cheers
-
I'm an idiot.
Use VTI instead of a tunnel and it works fine.
Days wasted.
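An added check, not from the thread, for the symptom in the first post and the VTI fix in the second: it parses the quoted route show output and asks whether the FIB's next hop is actually on-link on the interface the route names, or only on a tunnel interface. The WAN address (203.0.113.10) and the VTI name ipsec1 are assumed values.

```python
import ipaddress
import re

# Constructed input: the `route show 10.0.4.169` output quoted in the post.
ROUTE_SHOW = """\
   route to: 10.0.4.169
destination: 10.0.0.0
       mask: 255.255.0.0
    gateway: 169.254.87.45
        fib: 0
  interface: re1
      flags: <UP,GATEWAY,DONE,PROTO1>
"""

# Constructed interface table (what `ifconfig` would report). 203.0.113.10 is a
# placeholder WAN address; "ipsec1" is an assumed name for the VTI that carries the
# 169.254.87.44/30 inside-tunnel link once the tunnel is switched to VTI.
CONNECTED = {
    "re1": ["203.0.113.10/24"],
    "ipsec1": ["169.254.87.46/30"],
}

def parse_route_show(text):
    """Turn FreeBSD `route show` 'key: value' lines into a dict; table rows are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w ]+?):\s*(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def interfaces_with(address, connected):
    """Interfaces holding a connected prefix that contains `address`."""
    ip = ipaddress.ip_address(address)
    return sorted(name for name, prefixes in connected.items()
                  if any(ip in ipaddress.ip_network(p, strict=False) for p in prefixes))

def diagnose(route_text, connected):
    """Report whether the route's next hop is on-link on the interface the FIB chose."""
    r = parse_route_show(route_text)
    gw, ifname = r["gateway"], r["interface"]
    holders = interfaces_with(gw, connected)
    return {
        "prefix": str(ipaddress.ip_network(f"{r['destination']}/{r['mask']}")),
        "gateway": gw,
        "interface": ifname,
        "on_link": ifname in holders,
        # If the FIB interface does not hold the next hop, only an IPsec SP or one of these can reach it.
        "next_hop_on_link_via": [i for i in holders if i != ifname],
    }
```

With the post's data the report shows the next hop on ipsec1 rather than re1, which is the mismatch the VTI change removes.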